Ubuntu Hacks: Virtual Virtual Devices: Encrypted RAID
OSCON
July 26th, 2006
Device Mapper
New feature in 2.6 kernel to layer arbitrary features on top of block devices
● Snapshotting
● Backups
● Redirection
● Encryption
Jonathan Oxer
Device Mapper Modules
Modules use the device-mapper framework to implement specific functionality:
● “dmraid” for software RAID
● “cryptsetup” for block device encryption
Alternative Systems
Cryptoloop and loop-AES are older approaches to filesystem encryption.
● Known plaintext attacks
● Watermark attacks
Caveats
Encrypted filesystems typically write faster than they read!
Layering Virtual Devices
Install Required Packages
Install device-mapper and cryptsetup packages:
sudo apt-get install cryptsetup
Create The Device Layers
● Create the pair of RAID-0 devices:
mdadm --create /dev/md0 --level=0 \
    --raid-devices=2 /dev/sda1 /dev/sda2
mdadm --create /dev/md1 --level=0 \
    --raid-devices=2 /dev/sda3 /dev/sda4
● Use those to create a RAID-1 device:
mdadm --create /dev/md2 --level=1 \
    --raid-devices=2 /dev/md0 /dev/md1
● Create an encrypted virtual device:
cryptsetup create usb1 /dev/md2
● Create a filesystem on the virtual device:
mkfs.ext2 /dev/mapper/usb1
● Finally, mount it:
mount /dev/mapper/usb1 /mnt/usb1
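Once the layers are up, it is worth confirming that the crypt device really sits on the RAID-1 array and that each array has the members you intended. The check below is an added example, not part of the original slides: it parses /proc/mdstat and the output of dmsetup table usb1, here fed with constructed sample text, and its function names are hypothetical. It assumes md arrays use block major 9, so /dev/md2 appears as 9:2.

```shell
# Added example (not from the slides): verify the RAID-0 -> RAID-1 -> crypt
# layering. Function names are hypothetical; sample text below is constructed.
# Constructed stand-in for /proc/mdstat (blank lines between arrays omitted)
SAMPLE_MDSTAT='Personalities : [raid0] [raid1]
md2 : active raid1 md1[1] md0[0]
      2096128 blocks [2/2] [UU]
md1 : active raid0 sda4[1] sda3[0]
      2096128 blocks 64k chunks
md0 : active raid0 sda2[1] sda1[0]
      2096128 blocks 64k chunks
unused devices: <none>'

# Constructed stand-in for `dmsetup table usb1` (key shown as zeros).
# Fields: start length crypt cipher key iv_offset backing_dev offset
SAMPLE_DMTABLE="0 4192256 crypt aes-cbc-essiv:sha256 $(printf '%064d' 0) 0 9:2 0"

# RAID level of array $1, from mdstat text on stdin
md_level() { awk -v d="$1" '$1 == d && $2 == ":" { print $4 }'; }

# Sorted member list of array $1, with "[n]" slot and "(F)" flags stripped
md_members() {
    awk -v d="$1" '$1 == d && $2 == ":" {
        for (i = 5; i <= NF; i++) { sub(/\[.*/, "", $i); print $i }
    }' | sort | tr '\n' ' ' | sed 's/ $//'
}

# major:minor of the device under a crypt target, from a table line on stdin
crypt_backing() { awk '$3 == "crypt" { print $7 }'; }

# check_stack MDSTAT_TEXT DMTABLE_LINE: print "stack OK" or the first mismatch
check_stack() {
    mdstat=$1; table=$2
    while read -r dev level members; do
        [ "$(printf '%s\n' "$mdstat" | md_level "$dev")" = "$level" ] ||
            { echo "$dev: level is not $level"; return 1; }
        [ "$(printf '%s\n' "$mdstat" | md_members "$dev")" = "$members" ] ||
            { echo "$dev: members are not $members"; return 1; }
    done <<EOF
md0 raid0 sda1 sda2
md1 raid0 sda3 sda4
md2 raid1 md0 md1
EOF
    # md arrays use block major 9, so /dev/md2 is 9:2
    [ "$(printf '%s\n' "$table" | crypt_backing)" = "9:2" ] ||
        { echo "usb1: crypt target is not on /dev/md2 (9:2)"; return 1; }
    echo "stack OK"
}
# Live system: check_stack "$(cat /proc/mdstat)" "$(dmsetup table usb1)"
check_stack "$SAMPLE_MDSTAT" "$SAMPLE_DMTABLE"
```

A mismatch here means data may be landing on an unencrypted or unmirrored layer, so run the check before putting anything on the filesystem.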
More Information